Tuesday, January 8, 2019

Tidelift, founded by former Red Hat employees, announces $25 million - Business Insider

Back in the early 2000s, people would balk at the notion of using free, open source software to run a serious business — companies like Red Hat, which bet its business model on the concept, were seen as oddities. But times have changed: Open source software is key to most modern computing infrastructures. And over a decade later, IBM plans to acquire Red Hat for a colossal $34 billion.

Now, a group of former Red Hat employees have co-founded Tidelift, a startup that wants to repeat the trick and pioneer a new business model for open source software. To that end, Tidelift announced on Monday $25 million in new funding from General Catalyst, Foundry Group, and former Red Hat CEO Matthew Szulik.

What Tidelift is trying to do, says Donald Fischer, co-founder and CEO of Tidelift, is connect the users of open source software directly with the people who make it.

"It only makes sense that it should be in our self-interest to pay the maintainers of [open source] software. If we don't do that, it's going to be a rough 2019. We need to set ourselves up with decades of more success," Fischer told Business Insider.

Often, open source projects are maintained by enthusiasts in their spare time as an act of altruism towards the developer community. But those maintainers often have day jobs, or otherwise don't have the time or financial resources to work on the project full-time. Open source software is always free, and free doesn't pay the bills.

This results in under-maintained open source software, says Fischer, where security holes and other bugs go unpatched in even reasonably popular projects. That, in turn, makes it harder for businesses to rely on open source software — and sometimes drives them to pricier, but better-supported, commercial products from the likes of Oracle or Microsoft.

That's where Tidelift comes in, says Fischer. If you're a development team using open source software, you can subscribe to Tidelift. Your subscription fee gets disbursed to the maintainers of the open source projects you're using — provided those maintainers themselves have signed up for Tidelift. In return, those maintainers provide Tidelift subscribers with the tech support and fixes they need to put open source to work.

"We observed that there's a two-sided marketplace at work around open source software," Fischer said. "There's various individuals and teams creating software for different reasons. There's been a missed opportunity where organizations consuming that software would be interested in paying for additional assurances, and many people who would be interested in getting paid for those services."

'Cracks' in the open source business

The founders of Tidelift have been working together in open source for the last 20 years, including at Red Hat. Fischer recalls that when IBM announced it would acquire Red Hat, it was "both gratifying and a little saddening."

The new funding comes after a tumultuous year in open source, which brought the industry's traditional business model under fresh scrutiny.

"It was sort of an amazing year for open source. At the same time, there are cracks forming around open source," said Fischer.

Open source companies like Elastic went public, while high-profile companies in the space like GitHub and Red Hat navigated to big-money acquisitions.

The traditional open source business model is called "open core" — companies like MongoDB, Elastic, and even Red Hat offer free, open source software that anyone can download and use as they wish. They make their money by charging for tech support and extra features that make the software more suitable for businesses.

The rise of cloud computing has thrown an interesting wrinkle in that formula: Cloud platforms like Amazon Web Services and Microsoft Azure take the free open source software created by the open source community, package it up into a paid service, and offer it to their own customers for a profit. It's all perfectly legal, but it's sparked some backlash from smaller open source companies, which have been making defensive moves against the practice.

Tidelift believes that its subscription solution can thread that needle, offering a way for open source developers to make money without having to worry about a major cloud platform — or anybody else — eating their lunch.

The Tidelift solution

From Fischer's perspective, it's crucial that maintainers get the financial support to continue their open source work. With the funding, Tidelift plans to expand its coverage and bring more open source projects into the fold, at a time when it sees good open source maintenance as more vital than ever.

Back in November, the world got an object lesson in the value of good open source maintenance when an open-source JavaScript package called "event-stream," with over 100 million downloads a year and used by the BBC and Microsoft, was found to have bitcoin-stealing malware that was snuck in by a malicious third party.

While things don't always get that dramatic, Fischer says that a Tidelift subscription can give developers peace of mind that their open source software is getting timely updates and security fixes. That's something that you just don't get if you download open source software from the internet and just get started using it.

"Open source software hasn't traditionally come with those guarantees," Fischer said. "It does come with the guarantee that you can make a copy of it. Just because you can make a copy and download it from GitHub doesn't mean anyone's ready to keep it working and keeping it well-maintained."